With a formidable background in analytics, intelligence, and security, Malik Haidar has spent his career on the front lines, defending multinational corporations from sophisticated cyber threats. He brings a rare perspective that merges deep technical knowledge with a sharp business acumen, focusing on how cybersecurity must evolve from a reactive function into a core strategic enabler. Today, we explore his insights on navigating the turbulent landscape of emerging technologies, from the dual-edged sword of AI and the hidden risks of its unsanctioned use, to securing the vast and vulnerable Internet of Things and knowing when to call for expert reinforcement.
With predictions suggesting a quarter of enterprise data breaches may trace back to AI by 2028, how are AI-powered deepfakes and personalized phishing changing the threat landscape? Can you provide a step-by-step example of how a business should adapt its defenses?
The change is profound and deeply personal. We’re past the era of poorly worded, generic phishing emails. AI now allows cybercriminals to create incredibly convincing, personalized messages and even deepfake audio or video to impersonate trusted leaders. It’s a game-changer; we’ve already seen reports that 16% of breaches involved attackers using AI. The core challenge is that these attacks prey on human trust, bypassing traditional defenses that look for technical red flags. To adapt, a business must take a multi-layered approach. First, you have to assume your perimeter will be breached, which means implementing a Zero Trust Network Access, or ZTNA, model. Second, you must invest in advanced threat detection that uses AI and machine learning to fight fire with fire, identifying and stopping these evolving threats in real time. Finally, this must be built on a foundation of a secure, high-capacity private network, which ensures the integrity of your core data flow and provides the muscle to support these intensive security functions. It’s a continuous cycle of shoring up the perimeter, intelligently monitoring activity within, and ensuring the underlying infrastructure is rock-solid.
Given that many employees now use unapproved AI tools, creating “shadow AI,” what are the top hidden risks this poses to an organization? Could you walk us through a practical framework for establishing effective AI governance without stifling employee innovation?
Shadow AI is one of the most insidious threats because it’s born from good intentions—employees trying to be more productive. But the hidden risks are massive. You have data leakage, where sensitive company information is fed into public AI models. You have compliance and privacy violations when customer data is used improperly. And critically, you open up new, unmonitored attack vectors. A recent Cisco index was quite telling: while over half of companies mandate approved tools, a staggering 22% of employees have unrestricted access to public AI. The real danger is the knowledge gap; nearly half of those companies admitted they lack the expertise to even conduct a proper AI security assessment. A practical framework begins with discovery—using tools to identify which AI applications are actually running on your network. The second step is creating a clear, simple policy that categorizes AI tools into approved, restricted, and banned lists, and communicating the ‘why’ behind these choices. Finally, provide sanctioned, secure AI tools that meet employees’ needs. You can’t just say “no”; you have to provide a powerful and safe “yes” to guide their innovative instincts in the right direction.
In sectors like healthcare, a single system can have over 80,000 connected devices, many with significant vulnerabilities. How should organizations approach securing this massive IoT landscape, and what are the biggest trade-offs they must navigate between operational connectivity and robust security?
The scale is almost hard to comprehend. We’re not talking about a few dozen printers anymore; a single large hospital can have 85,000 connected devices, from infusion pumps to patient monitors. The frightening reality is that research shows 57% of these devices are highly vulnerable, often running outdated software without encryption. The biggest trade-off is right there: operational necessity versus security reality. These devices are critical for patient care, so you can’t just take them offline. The approach must be pragmatic. It starts with network segmentation, isolating these vulnerable IoT devices into their own secure zones so that if one is compromised, it can’t be used as a gateway to the entire network. Next is continuous monitoring. You need a centralized system, like a unified threat management platform, that gives you a single pane of glass to watch all this activity. The goal isn’t to make every single device perfectly secure—that’s often impossible. The goal is to contain the risk and maintain visibility, ensuring that the incredible benefits of connectivity don’t come at the cost of a catastrophic security failure.
Many in-house IT teams feel they lack the resources to conduct comprehensive security assessments. At what point does it become more strategic to partner with a managed security provider, and what specific capabilities should a business look for to ensure the partnership genuinely strengthens its defenses?
That feeling of being overwhelmed is incredibly common, and it’s a critical tipping point. The moment your team spends more time fighting daily fires than planning for future threats, it’s time to consider a partner. It’s also a strategic move when you recognize that the technology is evolving faster than your team can train and adapt, like with the new AI-driven threats. A partnership becomes strategic when it frees your in-house experts to focus on business-specific goals, rather than routine updates and patching. When you look for a partner, you need to look beyond a simple service agreement. You need a provider that delivers a complete, managed solution built on proven platforms, one who can handle everything from design and configuration to ongoing support. They must demonstrate a commitment to staying current, providing updates that address the latest threats so you avoid accumulating technical debt. The key is finding a partner that offers flexibility, allowing your team to control what they want while leaning on the provider’s expertise for the rest. It’s about creating a true extension of your team.
What is your forecast for enterprise cybersecurity over the next five years?
My forecast is that cybersecurity will complete its transition from being seen as an IT cost center to being a fundamental pillar of business strategy and a competitive differentiator. The threats posed by AI and the massive expansion of the IoT will force this change. Companies that simply bolt on security as an afterthought will be the ones that suffer the most damaging and public breaches. The successful organizations will be those that build their network infrastructure and digital initiatives with security at the core from day one. We’ll see a much deeper integration of AI into defensive systems, creating a kind of technological arms race. Furthermore, the skills gap will make strategic partnerships with managed security providers not just a choice, but a necessity for survival and growth for the vast majority of businesses. Security will no longer be about just saying “no” to risks, but about enabling the business to say “yes” to innovation, safely and confidently.
